Oracle Blog

Availability Engineering

Wednesday Feb 28, 2007

The Cluster Console Panel
(CCP) utility has long been a favorite of users involved with
administration of systems having multiple nodes. It provides a single
access point to interact simultaneously with a multitude of nodes,
thus saving a lot of effort.

In releases of Sun
Cluster software until 3.2, the access methods which were available
with the CCP utility were rlogin, telnet, and console access over
telnet. The missing part was secure connections to nodes and to their
consoles.

With the increasing focus
on security in production environments, the Cluster Console tool,
cconsole, was lacking this support. The newer breed of servers
from Sun have platform managers like service processors, which offer
secure connections and allow users to manage nodes remotely. The
cconsole tool was, however, not equipped to utilize this. There have
been repeated requests from customers to incorporate secure
connections via Secure Shell (SSH) into cconsole.

The patch to Sun Cluster
3.2 software will add SSH support to both the GUI and command line
variants of cconsole. The revamped CCP features include:

SSH support for
cconsole: The cconsole tool will support connections to node
consoles over SSH. This is in addition to the already existing
standard telnet connections to consoles. The utility could be used
in either of the following ways:

- Launch the CCP GUI
using the ccp command and then click on the cconsole button. The
graphical interface for cconsole will have a new check box called
“Use SSH" under the "Options" menu. Select this
check box for going over SSH to the node consoles. By default, the
check box is deselected, meaning that the default mode of connecting
to consoles is not secure. Refer to Figure 1.

- Launch
cconsole directly from the command line. The command line options for
cconsole are:

-s

New option for enabling
SSH while connecting to a node's console. The /etc/serialports
database has the console access device's name and the port number
to be used for the SSH connection. Specify 22 as the port number
if using the default SSH configuration on the console access
device, otherwise specify a custom port number.

If either the
console or the ccp command is launched with the "-s"
command line option, the “Use
SSH” check box is automatically selected. If the “-s” option is
not specified, select the “Use
SSH” check box under the “Options” menu to enable SSH
connection.

A new "cssh"
command: CCP software will include a new cssh command which
could be used to connect to nodes using standard SSH connections, in
either of the following ways:

- Launch the CCP GUI with the ccp command, then click on the new
cssh button (which is next to the existing crlogin, ctelnet, and
cconsole buttons).

- Issue the cssh command directly from the command line. The cssh
command takes the following options:

-p port Optional port number to use
for the SSH connections. Port 22 is used by default.

Here is a screenshot of the modified
Cluster Console Panel. It shows the new “cssh” button on the
panel for the cssh command. It also shows the new “Use SSH” check
box under the Options menu when the cconsole button is clicked.

Figure 1.Cluster Console Panel GUI

Shared options:
The ccp command will accept options at the command line that are
used by crlogin, cssh, and cconsole. Values passed to the options
are effective for all the commands that are hence launched by
clicking on the icons from the CCP GUI. For more details about the
commands and their options, refer to the cconsole(1M) man page.

As an example, if one launches ccp in this manner:

#ccp -l joe -s -p 123

then this will be
the effect on individual tools that are launched from the buttons on
the CCP GUI:

ctelnet

This command ignores all
of the -l, -p, and -s options and treats everything else on the
command line as cluster or node names.

crlogin

The user name for rlogin
would be "joe".

cssh

The SSH user name would
be "joe" and the SSH port number would be "123".

cconsole

The cconsole tool would
use SSH to connect to the nodes due to the "-s" option.
The user name for the SSH connection to the console access device
(as determined by the entry in /etc/serialports) would be "joe".

The port number, however,
is taken from the serialports database and not from the
command-line value of the "-p" option.

In addition, the user
could deselect the checkbox "Use SSH" and override the
command-line option "-s", in which case the console
would be accessed using a telnet connection to the console access
device.

With all these changes,
the CCP, and cconsole in particular, will be equipped to act as a
full-fledged tool for multi-node administration, further adding to
ease of use of Sun Cluster 3.2 software.